Who we are looking for

We are looking for a Senior Security Engineer, Cyber Defense Platforms reporting directly to the Head of Defensive Engineering and Architecture. This role is hands‑on and engineering‑focused, responsible for hardening enterprise endpoints (workstations and servers) to reduce attack surface across the environment.

You will enforce secure configurations, minimize unnecessary services, and support execution control mechanisms in alignment with established security standards and architectural guidance. The role requires close collaboration with **Network Security (Net Sec)**teams to reduce endpoint‑to‑network exposure (e.g., restricted protocol usage, dependency reduction, and Zero Trust enforcement impacts), as well as with Data Security (Data Sec) teams to support endpoint controls that protect sensitive data, prevent unauthorized tools, and ensure alignment with approved software and data protection policies

Why this role is important to us

The team you will be joining is part of the Integrated Defensive Engineering and Architecture(IDEA) - Cyber Defense function, which is critical to reducing enterprise cyber risk and strengthening resilience against modern threats.

This role is vital because a significant portion of enterprise risk resides at the endpoint layer, where misconfigurations, excess privileges, and unapproved software are commonly exploited. By systematically reducing attack surface and enforcing strong endpoint controls, this role directly contributes to:

• Lower likelihood of ransomware and malware propagation
• Stronger Zero Trust posture
• Improved protection of sensitive and regulated data
• Measurable reduction in cyber risk at scale

What you will be responsible for

As a Senior Security Engineer, Cyber Defense Platforms

, you will:- Design, implement, and maintainendpoint hardening standards across workstations and servers, aligned with CIS benchmarks, internal standards, and risk‑based guidance

• Reduce enterprise attack surface by disabling unnecessary services, features, protocols, and tooling across endpoint environments
• Engineer and support execution control mechanisms, including application control, script control, and prevention of unauthorized software
• Partner with Net Sec teams to reduce endpoint‑to‑network exposure, including protocol restrictions, dependency mapping, and Zero Trust enforcement considerations
• Support Data Sec initiatives by enabling endpoint‑level controls that protect sensitive data and enforce approved software and data handling policies
• Identify and assess unapproved or risky endpoint software, working with stakeholders on remediation, allow‑listing, or removal paths
• Collaborate with platform, infrastructure, and operations teams to ensure controls are scalable, reliable, and operationally sustainable
• Contribute to security architecture documentation, standards, and roadmaps related to endpoint and defense platforms

What we value

These skills will help you succeed in this role

• Strong security engineering mindset with the ability to translate risk into practical, enforceable technical controls

• Deep problem‑solving skills and the ability to operate effectively in complex, large‑scale enterprise environments

• Experience designing and deploying security controls across large scale multi‑region environments

• Ability to collaborate across security, infrastructure, and application teams while maintaining a strong security posture

• Clear communication skills to explain trade‑offs, risks, and control impacts to technical and non‑technical stakeholders

Education & Preferred Qualifications

• Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or a related discipline (or equivalent experience)

• 8+ years of experience in security engineering, endpoint security, or defensive cyber roles

• Strong hands‑on experience with endpoint security platforms (e.g., EDR, application control, configuration management, hardening frameworks)

• Experience with Zero Trust principles, endpoint‑to‑network control models, or execution control technologies

• Security certifications such as CISSP, GCED, GSEC, OSCP, or relevant vendor certifications are a plus

Additional requirements

• Experience working in regulated or large enterprise environments preferred

• Ability to influence and drive security improvements without direct authority

• Occasional after‑hours support for high‑risk changes or security incidents, as required

Work Requirement

• Hybrid work model (specific in‑office requirements aligned with team and location policy)
• Standard business hours with flexibility to support global teams and critical security initiatives

Salary Range:

$90,000 - $157,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.

For a full overview, visit https://hrportal.ehr.com/statestreet/Home.

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers

Read our CEO Statement

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.